LinuxQuestions.org
Old 11-06-2007, 01:33 PM   #1
slackamp
Member
 
Registered: Dec 2005
Distribution: slackware-current
Posts: 86

Rep: Reputation: 16
need explanation on an iptables entry


# Generated by iptables-save v1.3.5 on Thu Jul 5 12:19:04 2007
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [12325:2319098]



What does the line ":OUTPUT ACCEPT [12325:2319098]" mean? Will it cause any trouble? What would happen if I put [0:0]?
 
Old 11-07-2007, 09:45 AM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by slackamp View Post
What does the line ":OUTPUT ACCEPT [12325:2319098]" mean? Will it cause any trouble? What would happen if I put [0:0]?
The output of iptables-save is an abbreviated listing of your firewall rules that iptables-restore can use to restore the state of the firewall. The line you ask about says the policy for the OUTPUT chain is DROP. The numbers in brackets are packet and byte counts for that policy that can be restored with iptables-restore. If you set them to zero, then you just lose that information.

I hope what you listed isn't the entire contents of that file. If so, all incoming packets will be dropped, including loopback packets. Normally you would want to at least accept loopback.
 
Old 11-07-2007, 12:19 PM   #3
nomb
Member
 
Registered: Jan 2006
Distribution: Debian Testing
Posts: 675

Rep: Reputation: 58
So wait, when you say packets or byte counts that can be restored, what are you saying exactly? That the chain made copies of packets as they went through and you can restore them into a packet and send them again?
 
Old 11-07-2007, 07:47 PM   #4
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by nomb View Post
So wait, when you say packets or byte counts that can be restored, what are you saying exactly? That the chain made copies of packets as they went through and you can restore them into a packet and send them again?
Not at all. Netfilter counted the packets that "dropped through the end" of the chain and were handled by the chain's policy. It also kept track of the total size of those packets. So for the data posted, 12325 packets with a total size of 2319098 bytes were ACCEPTed by the OUTPUT chain's policy. You can see this same data on a running netfilter with the command:

Code:
iptables -nvL
I don't think I have ever played around with iptables-restore, but according to its man page, using the -c option will restore the packet and byte counters. It just plugs the numbers in. It doesn't replay the packets!
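
The chain lines discussed in this thread, read by a small parser (an added example, not part of the original posts): it extracts each chain's policy and its packet and byte counters from iptables-save text, and flags the case raised in post #2 where INPUT has a DROP policy and no rule accepts loopback. The names `parse_save` and `loopback_blocked` are hypothetical, the loopback check is a token-matching heuristic, and the sample is constructed from the lines in the first post plus a closing COMMIT.

```python
import re

# Constructed sample: the lines from the first post plus a closing COMMIT.
SAMPLE = """\
# Generated by iptables-save v1.3.5 on Thu Jul 5 12:19:04 2007
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [12325:2319098]
COMMIT
"""

# ":CHAIN POLICY [packets:bytes]"; user-defined chains show "-" as policy.
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")

def parse_save(text):
    """Return {table: {"chains": {name: {...}}, "rules": [str, ...]}}."""
    tables, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"chains": {}, "rules": []})
        elif cur is None:
            raise ValueError(f"line outside a table: {line!r}")
        elif line.startswith(":"):
            m = CHAIN_RE.match(line)
            if m is None:
                raise ValueError(f"malformed chain line: {line!r}")
            name, policy, pkts, nbytes = m.groups()
            cur["chains"][name] = {"policy": policy, "packets": int(pkts),
                                   "bytes": int(nbytes)}
        else:
            cur["rules"].append(line)  # "-A ..." or "[p:b] -A ..." with -c
    return tables

def _pair(tokens, a, b):
    """True if token a is immediately followed by token b."""
    return any(x == a and y == b for x, y in zip(tokens, tokens[1:]))

def loopback_blocked(tables):
    """Heuristic: INPUT policy DROP and no '-A INPUT -i lo -j ACCEPT' rule."""
    flt = tables.get("filter", {"chains": {}, "rules": []})
    if flt["chains"].get("INPUT", {}).get("policy") != "DROP":
        return False
    return not any(_pair(t, "-A", "INPUT") and _pair(t, "-i", "lo")
                   and _pair(t, "-j", "ACCEPT")
                   for t in (r.split() for r in flt["rules"]))

if __name__ == "__main__":
    t = parse_save(SAMPLE)
    print(t["filter"]["chains"]["OUTPUT"], loopback_blocked(t))
```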
 
Old 11-07-2007, 08:00 PM   #5
nomb
Member
 
Registered: Jan 2006
Distribution: Debian Testing
Posts: 675

Rep: Reputation: 58
Gotcha, that's where I was a little confused.
Although, that would be awesome if it could replicate the packets...

*starts scheming*



nomb
 
  


All times are GMT -5.
